bimbogeek Posted 18 August 2008

Hi, I have had an invasion of wixawin popups over the last few days, which I have tried to remove by following the procedure given on this website. Below I have pasted the three logs (plus the MBAM log, since it detected two trojans). Could you look them over?

bimbogeek

---------------------------------------------------------------------------------------------------------------------------------------
SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 08/18/2008 at 07:08 PM Application Version : 4.15.1000 Core Rules Database Version : 3538 Trace Rules Database Version: 1527 Scan type : Quick Scan Total Scan Time : 00:11:35 Memory items scanned : 385 Memory threats detected : 0 Registry items scanned : 353 Registry threats detected : 0 File items scanned : 4447 File threats detected : 1 Adware.Tracking Cookie C:\Documents and Settings\bimbogeek\Cookies\bimbogeek@adtech[1].txt
---------------------------------------------------------------------------------------------------------------------------------------
ComboFix 08-08-17.03 - bimbogeek 2008-08-18 19:12:36.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1044.18.148 [GMT 3:00] Running from: C:\Documents and Settings\bimbogeek\Skrivebord\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) .
C:\Documents and Settings\Default User\UserData C:\Documents and Settings\Default User\UserData\7LZ8IJFV\oWindowsUpdate[1].xml C:\Documents and Settings\Default User\UserData\index.dat C:\Documents and Settings\bimbogeek\UserData C:\Documents and Settings\bimbogeek\UserData\7LZ8IJFV\iconState[1].xml C:\Documents and Settings\bimbogeek\UserData\7LZ8IJFV\oWindowsUpdate[1].xml C:\Documents and Settings\bimbogeek\UserData\index.dat C:\Documents and Settings\bimbogeek\UserData\PY9DTOSX\oWindowsUpdate[1].xml C:\Documents and Settings\bimbogeek\UserData\PY9DTOSX\showHideState[2].xml C:\Documents and Settings\bimbogeek\UserData\PY9DTOSX\sn[1].xml C:\Documents and Settings\bimbogeek\UserData\S4SVJGRY\iconState[1].xml C:\Documents and Settings\bimbogeek\UserData\S4SVJGRY\iconState[2].xml C:\Documents and Settings\bimbogeek\UserData\WTQUAHQ7\showHideState[1].xml C:\Documents and Settings\bimbogeek\UserData\WTQUAHQ7\showHideState[2].xml C:\WINDOWS\system32\config\systemprofile\UserData C:\WINDOWS\system32\config\systemprofile\UserData\7LZ8IJFV\oWindowsUpdate[1].xml C:\WINDOWS\system32\config\systemprofile\UserData\index.dat C:\WINDOWS\Tasks.\AppleSoftwareUpdate.job C:\WINDOWS\Tasks.\Check Updates for Windows Live Toolbar.job . ((((((((((((((((((((((((( Files Created from 2008-07-18 to 2008-08-18 ))))))))))))))))))))))))))))))) . 2008-08-18 18:50 . 2008-08-18 18:50 <DIR> d-------- C:\Programfiler\SUPERAntiSpyware 2008-08-18 18:50 . 2008-08-18 18:50 <DIR> d-------- C:\Documents and Settings\bimbogeek\Programdata\SUPERAntiSpyware.com 2008-08-18 18:50 . 2008-08-18 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\SUPERAntiSpyware.com 2008-08-18 18:48 . 2008-08-18 18:48 <DIR> dr-h----- C:\Documents and Settings\bimbogeek\Siste 2008-08-18 18:42 . 2008-08-18 18:42 <DIR> d-------- C:\Programfiler\CCleaner 2008-08-12 23:46 . 2008-08-12 23:46 <DIR> d-------- C:\Programfiler\Spybot - Search & Destroy 2008-08-12 23:46 . 
2008-08-18 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Spybot - Search & Destroy 2008-08-12 23:32 . 2008-08-18 19:20 4,460,576 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-08-12 23:32 . 2008-08-18 19:16 53,276 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-08-12 23:30 . 2008-08-12 23:30 <DIR> d-------- C:\Programfiler\ZoneAlarmSB 2008-08-12 23:28 . 2008-08-12 23:28 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\MailFrontier 2008-08-12 23:28 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe 2008-08-12 23:28 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll 2008-08-12 23:28 . 2008-08-12 23:30 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-08-12 23:27 . 2008-08-12 23:27 <DIR> d-------- C:\Programfiler\Zone Labs 2008-08-12 23:26 . 2008-08-18 19:03 <DIR> d-------- C:\WINDOWS\Internet Logs 2008-08-12 23:20 . 2008-08-18 18:00 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-08-12 23:07 . 2008-08-12 23:07 <DIR> d-------- C:\Programfiler\Lavasoft 2008-08-12 23:07 . 2008-08-18 18:49 <DIR> d-------- C:\Programfiler\Fellesfiler\Wise Installation Wizard 2008-08-12 23:07 . 2008-08-12 23:07 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\Lavasoft 2008-08-12 22:59 . 2008-08-18 12:59 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg 2008-08-12 22:59 . 2008-08-12 23:06 <DIR> d-------- C:\Documents and Settings\bimbogeek\Programdata\AVGTOOLBAR 2008-08-12 22:59 . 2008-08-12 22:59 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys 2008-08-12 22:59 . 2008-08-12 22:59 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys 2008-08-12 22:59 . 2008-08-12 22:59 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll 2008-08-12 22:58 . 2008-08-12 22:58 <DIR> d-------- C:\Programfiler\AVG 2008-08-12 22:58 . 2008-08-12 22:58 <DIR> d-------- C:\Documents and Settings\All Users\Programdata\avg8 . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-18 15:55 --------- d-----w C:\Documents and Settings\bimbogeek\Programdata\OpenOffice.org2 2008-08-12 19:55 --------- d-----w C:\Programfiler\Symantec 2008-08-12 19:55 --------- d-----w C:\Programfiler\Fellesfiler\Symantec Shared 2008-08-12 19:55 --------- d-----w C:\Documents and Settings\All Users\Programdata\Symantec 2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-17 19:43 --------- d-----w C:\Programfiler\AVI MPEG RM WMV Splitter 2008-07-09 06:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll 2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 16:45 --------- d-----w C:\Programfiler\Fellesfiler\Adobe 2008-07-03 16:42 --------- d-----w C:\Documents and Settings\bimbogeek\Programdata\AdobeUM 2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:43 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-13 20:08 68856] "MsnMsgr"="C:\Programfiler\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 22:00 15360] "Veoh"="C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120] "SpybotSD TeaTimer"="C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368] "WMPNSCFG"="C:\Programfiler\Windows Media Player\WMPNSCFG.exe" [2006-11-15 11:46 204288] "SUPERAntiSpyware"="C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 10:33 1506544] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Programfiler\QuickTime\qttask.exe" [2006-09-01 16:57 282624] "AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-12 22:58 1232152] "ZoneAlarm Client"="C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 22:00 15360] C:\Documents and Settings\bimbogeek\Start-meny\Programmer\Oppstart\ OpenOffice.org 2.0.lnk - C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe [2006-06-27 23:58:04 393216] C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart\ Hurtigstart for Adobe Reader.lnk - C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\PROGRA~1\DVDREG~1\DVDShell.dll" [2003-01-29 14:58 40960] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programfiler\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 
2007-04-19 13:41 294912 C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Programfiler\\Messenger\\msmsgs.exe"= "C:\\Programfiler\\MSN Messenger\\msnmsgr.exe"= "C:\\Programfiler\\MSN Messenger\\livecall.exe"= "C:\\Programfiler\\Veoh Networks\\Veoh\\VeohClient.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgemc.exe"= "C:\\Programfiler\\AVG\\AVG8\\avgupd.exe"= R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-12 22:59] R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-12 22:58] R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-12 22:58] R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-12 22:59] S3 IFA_Moore Service;IFA_Moore Service;C:\Programfiler\Fellesfiler\Primal Pictures Shared\Service\IFA_Moore Service File.exe [2007-02-16 22:34] . - - - - ORPHANS REMOVED - - - - HKCU-Run-A00F1098D7.exe - C:\DOCUME~1\JENNIF~1\LOKALE~1\Temp\_A00F1098D7.exe Notify-481793a3382 - C:\WINDOWS\system32\__c00D8854.dat Notify-__c00BED1E - C:\WINDOWS\system32\__c00BED1E.dat . ------- Supplementary Scan ------- . 
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s O8 -: &Windows Live Search - C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 -: Åpne i ny bakgrunnsflik - C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?47c5697d302b474083b60ab63a028c74 O8 -: Åpne i ny forgrunnsflik - C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/230?47c5697d302b474083b60ab63a028c74 ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-18 19:17:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\DOCUME~1\JENNIF~1\LOKALE~1\Temp\8d2290b2-3b3f-4824-9c3c-f4fa8d513bcf.tmp 0 bytes scan completed successfully hidden files: 1 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\Programfiler\Windows Media Player\wmpnetwk.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\Programfiler\OpenOffice.org 2.0\program\soffice.exe C:\Programfiler\OpenOffice.org 2.0\program\soffice.bin C:\Programfiler\AVG\AVG8\avgrsx.exe C:\Programfiler\AVG\AVG8\avgrsx.exe . ************************************************************************** . 
Completion time: 2008-08-18 19:24:37 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-18 16:24:12 Pre-Run: 176,886,407,168 byte ledig Post-Run: 176,867,926,016 byte ledig 174 --- E O F --- 2008-08-16 00:04:40 --------------------------------------------------------------------------------------------------------------------------------------- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:34:08, on 18.08.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Programfiler\Canon\CAL\CALMAIN.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Programfiler\QuickTime\qttask.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Programfiler\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\system32\ctfmon.exe C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe C:\Programfiler\Windows Media Player\WMPNSCFG.exe C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Programfiler\OpenOffice.org 2.0\program\soffice.exe C:\Programfiler\OpenOffice.org 2.0\program\soffice.BIN C:\WINDOWS\explorer.exe C:\Programfiler\AVG\AVG8\avgrsx.exe C:\Programfiler\AVG\AVG8\avgrsx.exe C:\Documents and Settings\bimbogeek\Skrivebord\test\bka.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programfiler\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programfiler\Fellesfiler\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programfiler\AVG\AVG8\avgtoolbar.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programfiler\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programfiler\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programfiler\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programfiler\google\googletoolbar2.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programfiler\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - 
C:\Programfiler\AVG\AVG8\avgtoolbar.dll O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programfiler\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programfiler\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [swg] C:\Programfiler\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programfiler\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Veoh] "C:\Programfiler\Veoh Networks\Veoh\VeohClient.exe" /VeohHide O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programfiler\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Programfiler\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Programfiler\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJENESTE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETTVERKSTJENESTE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programfiler\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Hurtigstart for Adobe Reader.lnk = C:\Programfiler\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Programfiler\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Åpne i ny bakgrunnsflik - res://C:\Programfiler\Windows Live Toolbar\Components\nb-no\msntabres.dll.mui/229?47c5697d302b474083b60ab63a028c74 O8 - Extra context menu item: Åpne i ny forgrunnsflik - res://C:\Programfiler\Windows Live 
Toolbar\Components\nb-no\msntabres.dll.mui/230?47c5697d302b474083b60ab63a028c74 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1137417613093 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programfiler\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll O20 - Winlogon Notify: !SASWinLogon - C:\Programfiler\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programfiler\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. 
- C:\Programfiler\Canon\CAL\CALMAIN.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programfiler\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: IFA_Moore Service - Unknown owner - C:\Programfiler\Fellesfiler\Primal Pictures Shared\Service\IFA_Moore Service File.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- End of file - 7861 bytes --------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes' Anti-Malware 1.25 Database versjon: 1065 Windows 5.1.2600 Service Pack 2 19:52:25 18.08.2008 mbam-log-08-18-2008 (19-52-25).txt Skanntype: Rask Skann Objekter skannet: 36066 Tid tilbakelagt: 3 minute(s), 2 second(s) Minneprosesser infisert: 0 Minnemoduler infisert: 0 Registernøkler infisert: 1 Registerverdier infisert: 0 Registerfiler infisert: 0 Mapper infisert: 0 Filer infisert: 1 Minneprosesser infisert: (Ingen mistenkelige filer funnet) Minnemoduler infisert: (Ingen mistenkelige filer funnet) Registernøkler infisert: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00bed1e (Trojan.Agent) -> Quarantined and deleted successfully. Registerverdier infisert: (Ingen mistenkelige filer funnet) Registerfiler infisert: (Ingen mistenkelige filer funnet) Mapper infisert: (Ingen mistenkelige filer funnet) Filer infisert: C:\WINDOWS\system32\ (Trojan.Agent) -> Delete on reboot.

snippsat Posted 18 August 2008

The logs look good now. Combofix deleted a bit of junk. If the PC is working fine, do the following. You can remove Combofix by typing combofix /u in the Run window. This command causes quarantined files and backups to be deleted, the System Restore folder to be reset, etc. Surf safely.

bimbogeek (Author) Posted 19 August 2008

Thank you so much for taking the time to look through my logs!